More and more companies tolerate the use of employees' “foreign devices”, so that employees can choose their own personal devices. One intention is to reduce costs for the company. Another is simply to allow employees to choose hardware according to their personal wishes. However, this so-called Bring Your Own Device (BYOD) realm has to be consistent with enterprise policies, and the liability arising from compromised BYOD devices has to be reduced. Further, the users' private data, their private policies, and their reluctance to modify their own devices or limit the devices' capabilities have to be taken into account when applying the Bring Your Own Device realm.
Within these boundaries, applications have to be executed correctly on the employees' devices, i.e. the untrusted environment.
Conventional solutions for the correct execution of applications, disclosed for example in Mathias Payer, Tobias Hartmann, and Thomas R. Gross, “Safe Loading—A Foundation for Secure Execution of Untrusted Programs”, in Proceedings of S&P 2012, or in Jonathan Pincus and Brandon Baker, “Beyond Stack Smashing: Recent Advances in Exploiting Buffer Overruns”, IEEE Security and Privacy, 2004, rely on instruction set randomization.
Other conventional methods rely on a set of complementary hardware assumptions to achieve correct execution of applications. Conventional solutions also require complete sandboxing of applications, or leverage memory isolation in addition to address space randomization, and are therefore time-consuming and complex to implement.
Another conventional solution disclosed in US 20120159193 A1 uses randomization of values of machine instruction code sets of an application prior to execution of the code.